Security Incidents mailing list archives
Re: Publishing Nimda Logs
From: "Jay D. Dyson" <jdyson () treachery net>
Date: Wed, 8 May 2002 23:25:53 -0700 (PDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 8 May 2002 Richard.Smith () predictive com wrote:
Why not publish the list and only include the source netblock. That way your still getting the info out there, but your not allowing a script kiddie to simply cut and paste your host list into a bot script.
This has to be the best compromise on the matter I've seen to date. One could list the netblocks and their respective cognizant provider and also list the number of systems within that netblock that are still issuing Nimda-infected scans. This approach certainly solves the DHCP-assigned IP address objection. Additionally, it renders the collected data at a sufficiently high level so that anyone who complains that such a list only aids the black hats (which I personally contest, but that's beside the point) will have no genuine argument. Superior idea, Richard. I give it a thumbs-up. - -Jay ( ( _______ )) )) .--"There's always time for a good cup of coffee"--. >====<--. C|~~|C|~~| (>------ Jay D. Dyson -- jdyson () treachery net ------<) | = |-' `--' `--' `------ Dead I Am The One Exterminating Sun. ------' `------' -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (TreacherOS) Comment: See http://www.treachery.net/~jdyson/ for current keys. iD8DBQE82hZ1GI2IHblM+8ERAp7pAJ43bsvLNUhgEfhll/I9+YvDlCGMSwCgml6h 0lqJdhK/0biykgt+qPUwJ6Q= =tSBY -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Re: Publishing Nimda Logs, (continued)
- Re: Publishing Nimda Logs Mally Mclane (May 08)
- RE: Publishing Nimda Logs Steve Zenone (May 08)
- Re: Publishing Nimda Logs Mally Mclane (May 08)
- Re: Publishing Nimda Logs E (May 08)
- RE: Publishing Nimda Logs Benjamin Tomhave (May 08)
- Re: Publishing Nimda Logs John Kristoff (May 08)
- Re: Publishing Nimda Logs jlewis (May 08)
- Re: Publishing Nimda Logs Thomas Frerichs (May 08)
- Re: Publishing Nimda Logs Justin Shore (May 08)
- Re: Publishing Nimda Logs Mally Mclane (May 08)
- Re: Publishing Nimda Logs Richard . Smith (May 08)
- Re: Publishing Nimda Logs Jay D. Dyson (May 09)